Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to 5.10.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability, which was classified as problematic, was found in SourceCodester Local Service Search Engine Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
gpt_academic provides a graphical interface for ChatGPT/GLM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In JetBrains TeamCity before 2023.05 authentication checks were missing - 2FA was not checked for some sensitive account actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 1.0.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in yiwent Vip Video Analysis 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability, which was classified as problematic, was found in BeipyVideoResolution up to 2.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An issue was discovered in the Linux kernel before 6.3.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Collabora Online is a collaborative online office suite. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. Rated medium severity (CVSS 4.7).
The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 2.0.0 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.